Attorney Docket No. _ 
Client Ref No. 



18926-002 nous 



"Express Mail" Label No. EK 435478565US 
Date of Deposit: May 23, 2000 



I hereby certify that this is being deposited with the United States 
Postal Service "Express Mail Post Office to Addressee" service 
under 37 CFR 1.10 on the date indicated above, addressed to: 



Assistant Commissioner for Patents 
Washington, D.C. 20231 



^S tMner No. 20350 

^S^SEND and TOWNSEND and CREW LLP 
BS Embarcadero Center, 8* Floor 
^SErancisco, California 941 1 1 -3834 
^1 ^76-0200 

^SBTANT COMMISSIONER FOR PATENTS 
BOX PATENT APPLICATION 
Washington, D.C. 20231 

Sir: 

Transmitted herewith for filing under 37 CFR 1.53(b) is the 
[ X ] patent application of 
[ ] continuation patent application of 
[ ] divisional patent application of 
[ ] continuation-in-part patent application of 

Inventor(s)/Applicant Identifier: Xin Qiu et al 

For: SECURE CONTROL OF SECURITY MODE 

[ ] This application claims priority from each of the following Application Nos./filing dates: 

60/138. 163/June 8. 1999 , 

the disclosure(s) of which is (are) incorporated by reference. 
[ ] Please amend Ms application by adding the following before the first sentence: "This application is a [ ] continuation [ ] 

continuation-in-part of and claims the benefit of U.S. Provisional Application No. 60/ , filed , the 

disclosure of which is incorporated by reference." 




Inclosed a 
X] 
X] 
X] 
X] 

] 



_page(s) of specification 
_page(s) of claims 
_page of Abstract 

_sheet(s) of [ X ] formal [ ] informal drawing(s). 



An assignment of the invention to 

A [ ] signed [ ] unsigned Declaration & Power of Attorney 
X ] A [ ] signed [ X ] unsigned Declaration. 
1 ] A Power of Attorney by Assignee with Certificate Under 37 CFR Section 3 .73(b). 

=: [ ]_ A verified statement to establish small entity status under 37 CFR 1.9 and 37 CFR 1.27 [ ] is enclosed [ ] was filed in the prior 
r-i application and small entity status is still proper and desired. 

7%. ] A certified copy of a application. 

3 ] Information Disclosure Statement under 37 CFR 1.97. 

r| ] A petition to extend time to respond in the parent application. 

LI ] Notification of change of [ ] power of attorney [ ] correspondence address filed in prior application. 

fi ] 





(Col. 1) 


(Col. 2) 


SMALL ENTITY 




OTHER THAN 
SMALL ENTITY 


FOR: 


NO. FILED 


NO. EXTRA 




RATE 


FEE 


OR 


RATE 


FEE 


BASIC FEE 










$345.00 


OR 




$690.00 


TOTAL 
CLAIMS 


32 -20 


*12 




X $9.00 = 




OR 


X $18.00 = 


$216.00 


INDEP. 
CLAIMS 


5 -3 


*2 




X $39.00 = 




OR 


X $78.00 = 


$156.00 


[ ] MULTIPLE DEPENDENT CLAIM PRESENTED 




+ $130.00 = 




OR 


+ $260.00 = 




* If the difference in Col. 1 is less than 0, enter "0" in 
Col. 2. 


TOTAL 




OR 


TOTAL 


$1,062.00 


Please charge Deposit Account No. 20-1430 as follows: 
[X] Filing fee 


s 


$1,062.00 







[X] 

[ ] 



Any additional fees associated with this paper or during the pendency of this application. 

The issue fee set in 37 CFR 1 . 1 8 at or before mailing of the Notice of Allowance, pursuant to 37 CFR 1 .3 II (b) 

[ for $ is enclosed. Respectfiilly submitted, 

TOWNSEND and TOWNSEND and CREW LLP 



2 extra copies of this sheet ^e enclosed. 



Telephone: 
(415) 576-0200 



Facsimile: 
(415) 576-0300 



William F. Vobach 
Reg No.: 39,411 
Attorneys for Applicant 



DE 701 6889 v1 



Client Reference No.: D2301 



Attorney Docket No.: 1 8926-0021 10 



Inventor(s): 



Assignee: 



PATENT APPLICATION 
SECURE CONTROL OF SECURITY MODE 



Xin Qiu, a citizen of United States, residing at, 
10529 Harvest View Way 
San Diego, C A 92128 

Paul Moroney, a citizen of United States, residing at, 
3411 Western Springs Road 
Olivenhain, CA 92024 

Eric J. Sprunk, a citizen of United States, residing at, 
6421 Cayenne Lane 
Carlsbad, CA 92009 



GENERAL INSTRUMENT CORPORATION 
101 Tournament Drive 
Horsham, PA 19044 



Entity: Large 



TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, 8* Floor 
San Francisco, California 941 1 1-3834 
Tel: 303/571-4000 



Client Reference No.: D2301 



PATENT 

Attorney Docket No.: 1 8926-0021 10 



SECURE CONTROL OF SECURITY MODE 

This application claims the benefit of U.S. Provisional Application 
60/138,163 filed on June 8, 1999 which is hereby incorporated by reference. 
5 BACKGROUND OF THE INVENTION 

This invention relates generally to the area of cryptography. More 
specifically, the invention relates to cryptographically securing a change in security levels 
(e.g., encryption/decryption and authentication levels) used in a data transmission. 

In the area of data transmission there is a need to secure messages that are 
10 transmitted so as to ensure that the messages are not compromised. One way to ensure 

this is by way of cryptography to encrypt a message at the transmitting end and to decrypt 
the received message at the receiving end. In this manner, someone who does not know 
the key used when the message is encrypted cannot gain access to the message content or 
successfully modify the message. An example of this need can be seen in systems that 
1 5 encrypt and protect MPEG transport streams. Conditional access messages flow from 
transmitters to receivers to enable users to view video and audio programs. These 
conditional access messages should not be compromised. In addition to 
encryption/decryption, authentication serves as another cryptographic measure used to 
secure a transmission. 

20 In some systems, the need for security varies depending on the content of 

the message, as well as who has access to a transmitted signal, etc. Thus, for example, it 
would be useful if a message signal could be encrypted at different security levels at 
different points in time. This would facilitate the person transmitting a message to 
transmit a low level security message at one level of security and to transmit a second 

25 message having a higher need for security at a higher level of security. 

Encryption algorithms often require a great deal of resources, such as 
memory for complicated encryption algorithm code, memory to store intermediate data 
produced by the cryptographic algorithm, processing power, instruction cycles, etc. Thus, 
one may send a message at the lowest level of encryption that is suitable for that 

30 particular message. Consequently, there is a need to be able to send messages that vary 
by their level of encryption. 
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Implementing changes in encryption could potentially be very 
complicated. Hence, when implementing a change to a higher level of encryption or 
security, it would be desirable to make such a change in a relatively easy manner. 

While it is desirable to make a change from a low level of encryption to a 
5 high level of encryption in a relatively easy maimer, one should make sure that a system 
is not compromised when a change is made from a high level of security to a low level of 
security. Namely, while an attacker who feints a change in security from low level to 
high level would cause the transmitter and receiver to utilize extra processing resources, 
the sent message woijld be less likely to be compromised because it would become 
10 secured according to a more secure algorithm. However, if an attacker is able to cause a 
shift to a low level of security from a high level of security, the attacker has made the 
process of breaking the code that much easier. Therefore, there is a need for a system that 
allows the change in security levels to be a secure change. 



1 5 SUMMARY OF THE INVENTION 

A method of providing varying levels of security for a data processing 
system comprises using the system to receive information from an outside source, 
retrieving an indicator from the received information that instructs the system to operate 
at a higher level of security, and continuing operation of the system at the high level of 
20 security imtil information is received by the system to indicate a change in security levels. 

Similarly, an apparatus comprises an input to receive a datastream, a 
Security Level Status Indicator, and code to execute a security algorithm indicated by the 
Security Level Status Indicator. 

In accordance with another alternative aspect of the invention, an 
25 authorization code signals when the change in security levels is authorized. A master key 
can be utilized to decrypt this authorization code so as to provide a high level of secvirity 
for the authorization. 

Other features of the invention will be apparent to those skilled in the art 
from a consideration of the following description taken in conjimction with the 
30 accompanying drawings wherein certain methods of and apparatuses for practicing the 
invention are illustrated. However, it is to be understood that the invention is not limited 
to the details disclosed but includes all such variations and modifications as fall within the 
spirit of the embodiments of the invention and the scope of the appended claims. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
Figures la and lb show a flowchart that illustrates the transmitting of 
messages from a transmitter to a receiver while allowing the security level of the 
transmitted messages to be changed between a less secure level and a more secure level, 
5 for example, when different levels of encryption/decryption are utilized. 

Figure 2 shows transmitter and receiver circuits for transmitting messages 
and using different algorithms and keys that allow the security level of the transmissions 
to be altered. 

1 0 DESCRIPTION OF THE SPECIFIC EMBODIMENTS 

Referring now to Figures la and lb, an embodiment of the invention can 
be seen by reference to flowchart 100. As an example, the different security levels of the 
invention are described with reference to encryption/decryption. However, it should be 
understood that other cryptographic aspects of security could be utilized in place of or in 

15 addition to encryption, e.g. authentication. In Figure la, a receiver is set up or established 
to decrypt at a first mode of decryption 104. The processor is electrically coupled to an 
internal memory such as RAM or ROM. The internal memory stores code for different 
decryption algorithms. Thus, at initialization, the decryption algorithm designated at 
initialization is available for use by the processor of the receiver. In addition to the code 

20 which implements the decryption algorithm, the processor is also loaded with decryption 
keys. These keys could reside or be derived in the processor itself rather than being 
loaded from the external memory of the receiver. This prevents the keys firom being 
compromised by an attacker who is able to read the contents of the memory device. By 
establishing the key information within the processor, the key information is secured. 

25 Once the receiver is estabUshed with the initial level of encryption, an 

indicator is implemented to indicate the encryption/decryption level at which the system 
is operating. For a two-level decryption receiver, this could be accomplished by storing a 
single bit in the decryption imit 106, e.g., receiver. This single bit is capable of 
designating a high level of decryption, e.g., "1", and a low level of decryption, e.g., "0". 

30 This bit could be stored in local memory of the processor or in a register of the processor. 
At the time of initialization, this bit is set to indicate the initial level of decryption to be 
implemented by the receiver. When the security level is changed, this bit can then be 
changed to indicate the new level of security, e.g., level of encryption/decryption. 
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When multiple security levels are utilized by the system, e.g., multiple 
levels of encryption at a transmitter or multiple levels of decryption at a receiver, then 
more than one bit can be utilized to indicate the level of security. Similarly, this multiple 
bit combination can be stored in the local memory or register of a processor and altered 
5 according to a change in security level. Furthermore, this indicator can be stored at both 
the receiver and the transmitter. In such a fashion, the pair can remain coordinated as to 
which level of security is being used. 

Once an initial encryption/decryption level is established in the transmitter 
and receiver, messages are encrypted at the initial encryption level 110. This can take 

10 place using a processor located at a transmitter to encrypt a message or messages, such as 
might be carried within an MPEG-2 encoded transport stream. Code for implementing 
the encryption algorithm will be utilized by the processor to implement the encr5^tion 
algorithm using the content of a message and any necessary encryption key. Once the 
message is encrypted, it is then transmitted to the receiver 112 over a communication 

15 charmel. 

At the receiving end of the transmission, the receiver receives the message 
encrypted at the initial level of encryption 116 from an outside source, e.g., the 
transmitter at the cable head-end. The receiver then decrypts the encrypted message 
utilizing the decryption code and decryption key(s) with which it was initialized 120. 

20 This process continues with the transmitter sending encrypted messages and the receiver 
decrypting the messages until a change in the security level is indicated. 

The need for a change in security level could arise for a variety of reasons. 
For example, consider the situation of a cable company that introduces set-top boxes that 
operate at an initial level of security. That level of security may be acceptable for several 

25 years. However, at a later date, there may be a desire to increase the level of security. In 
such a situation, the cable company could implement the change to the higher level of 
security. Furthermore, if problems are caused in the cable system by the change to the 
higher level of security, then the cable system could temporarily switch back to the lower 
level of security until those problems are resolved. Then the switch to the higher level of 

30 secvirity could be made again. This is but one example of how the invention could be 

usefiil. It might also be desirable to use it as a way of changing security on a program by 
program basis or a time of day basis, as circumstances may warrant. 

One way to indicate a change in encryption/decryption levels is by 
transmitting an indicator that indicates the level of security being implemented by the 
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change 124. Such an indicator is referred to as a Security Level Status Indicator (SLSI) 
and indicates what level of security is being implemented. For example, it can indicate 
the corresponding level of encryption/decryption being implemented by the change. The 
SLSI can simply be a single bit that makes up part of another message or it could be a 
5 message unto itself. For example, it is envisioned that a single bit of an Entitlement 

Management Message (EMM) or Key Management Message (KMM) that is sent by cable 
operators to their individual customers could serve as the SLSI. Furthermore, the SLSI 
need not be limited to a single bit. It could be longer to indicate more than two security 
levels, e.g., encryption/decryption levels. 

10 The SLSI or other signal sent by the transmitter is then received at the 

receiver 128. When the SLSI is embedded w^ithin a longer message such as an EMM or 
KMM, the decryption device, e.g., the receiver, vsdll need to parse out the SLSI in order to 
analyze whether a change in the security level has occurred. Essentially, the receiver can 
determine whether a new SLSI has been received by comparing the new SLSI value with 

1 5 the old SLSI value stored at the receiver. 

If a change in the SLSI value is detected, it is tested to determine whether 
it indicates a change from a low level security algorithm to a higher level security 
algorithm (e.g., by changing from a "0" to a "1") 132. If this is the case, the SLSI value 
stored at the receiver should be updated (e.g., by changing the SLSI value in the processor 

20 toa"l"). 

Normally, a false indication of a change from a low level of 
encryption/decryption to a higher level of encryption/decryption will not be a concern. 
Such a change would simply make an attacker's job more difficult. So, it is unlikely that 
an attacker would purposely try and alter the SLSI in such a maimer. Rather, it would be 

25 expected that an attacker would try and decrease the security level being used by a system 
in order to have a greater chance of breaking a less difficult security system. 

Hence, in one mode of the invention, the encryption/decryption level at the 
decryption device is increased if an increase in encryption/decryption level is indicated 
174. This occurs by switching to use of the higher level of decryption code stored in the 

30 local memory of the processor in the receiver. Any keys associated with the new 

decryption level may be positioned so as to be more readily accessible. This might occur 
by moving the keys from local memory to a register which has a faster access time. Once 
the information for the new decryption level has been loaded, the receiver can receive a 
message encrypted at the new higher level of encryption and process it accordingly. A 
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user might choose to encrypt the SLSI even when an increase in security is implemented. 
In such a case, the bit of the SLSI can be encrypted by the transmitter and decrypted at 
the receiver. 

Alternatively, one might want to decrease the encryption/decryption level 
5 being used from a higher level of encryption/decryption to a lower level of 

encryption/decryption. In such a case, it is important to be able to verify that the 
instruction to change the encryption/decryption level is legitimate in order to prevent an 
attacker from compromising the system. 

One method of downgrading the security level is by fransmitting an 

10 authorization signal to the receiver to indicate the downgrade. This authorization signal 
shall be referred to as a Decreased Security Authorization Code (DSAC) since it is 
typically a coded signal that is transmitted to indicate that the security level can be 
reduced from a higher security level to a lower security level. 

Continuing with the example of Fig. lb, the receiver checks to see if a 

1 5 DSAC has been received 136. If no DSAC is received, then encryption/decryption levels 
are not changed 140. Furthermore, operation continues at the present or higher level of 
encryption/decryption 144. However, if a DSAC is received, it is tested to determine its 
content. In one embodiment, the DSAC is encrypted and authenticated. Hence, it will be 
decrypted 148 and its authentication verified. The content of the DSAC is then confirmed 

20 1 52, e.g., by comparing the value of the DSAC to the SLSI value held by the receiver. 

Thus, in the absence of an authorization signal, an unauthorized decrease in security level 
is prevented. After confirming that a change in encryption/decryption level has been 
indicated, the SLSI value held by the receiver is updated to reflect the change in the 
encryption/decryption level status. 

25 The DSAC can be transmitted as part of a Key Management Message 

(KMM). A Key Management Message is used in encrypted systems to transmit new keys 
used by the decryption algorithms. Thus, it allows new keys to be switched at periodic 
intervals in the receiver to prevent attackers from compromising the system. 
Consequently, when the Key Management Message is transmitted, the longest and 

30 sfrongest key held by the receiver is typically used to decrypt the KMM. Thus, the KMM 
is considered to have a very high level of security. Therefore, it is a s\aitable vehicle for 
transporting the DSAC. In this way, the DSAC can be included as part of the KMM and 
decrypted by a key of the receiver that is used to provide the highest level of security, i.e., 
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the master key. Therefore, it is unlikely that an attacker can change the level of security 
being used by the system. 

Furthermore, delivery of the DSAC may also be protected against replay 
attacks. That is you could not re-use a message to re-lower security. This would require 
5 that messages authorizing a decreased security level be different. This can be 

implemented by providing code for algorithms which prevent replay attacks, such as 
those disclosed in "Applied Cryptography 2"^^ Edition," by Bruce Schueier, John Wiley 
and Sons, Inc., which is hereby incorporated by reference for all that it discloses and for 
all purposes. 

1 0 When a DSAC signal is received and confirmed, the security level is 

changed and the SLSI is updated to reflect the change. The SLSI would be stored in a 
register of the processor or in local memory of the processor, so the changing of its value 
is straightforward. Any keys necessary for implementing a new decryption level should 
be moved or loaded into their designated locations in the processor memory or registers. 

15 At the time of changing the encryption/decryption level, it might also be desirable to load 
a new key to the receiver 1 54. This is facilitated if the DSAC is made part of the KMM 
which is used to transport new keys. 

Once the encryption level is changed, a new message can be encrypted at 
the second level of encryption by the transmitter 158. This message can then be 

20 transmitted to the receiver at the second level of encryption 162. The receiver would then 
receive the encrypted message 166 and decrypt the encrypted message utilizing the 
second level of decryption code stored by the receiver 170. This process can then be 
repeated as needed to facilitate the need for a high level of security and the need for 
efficient processing made possible by lower levels of security in transmissions. 

25 A system 200 for practicing an embodiment of the invention can be seen in 

Figure 2. Figure 2 shows a transmitter 206 and a receiver 250. For example, the 
transmitter could be located in a cable headend 204 and the receiver could be a set-top 
box located at a cable customer's home. The transmitter may be comprised of an 
integrated circuit such as a processor 208. This circuit could include Algorithm Code #1 

30 220, which corresponds to the algorithm used to provide the lower level of cryptography. 
Similarly, it would also include Algorithm Code #2 224 which corresponds to the 
algorithm used to provide the higher level of cryptography. The transmitter could store in 
its local memory 216 a value corresponding to the Security Level Status Indicator (SLSI) 
212 which indicates the level of security being used by the system. 
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The receiver 250 houses an integrated circuit such as security processor 
254. An input 258 of the processor is coupled to the input signal from an outside source, 
e.g., the transmitter. The processor stores the code for the lower level security algorithm 
282 and code for the higher level security algorithm 278 in its internal memory. The 
5 Security Level Status Indicator (SLSI) 286 is stored in a register or local memory of the 
processor. When the Decreased Security Authorization Code is received, it can be stored 
in local memory 270 of the processor for processing. The master key 266 may be stored 
in a register or local memory of the processor to protect its integrity. Similarly, any new 
keys received, such as a new Triple DES key 274 should be stored in a register or local 

1 0 memory of the processor as well. Figure 2 shows that the single DES key 290 and the 
existing Triple DES key 262 are stored by the processor as well. 

As one example, it is envisioned that the system could operate at two 
levels of encryption/decryption. Namely, it is envisioned that single DES could serve as 
the low level of encryption while Triple DES could serve as the high level of encryption. 

1 5 However, it is also possible that additional algorithms could be used as well. Thus, the 
system could operate at a variety of levels. Furthermore, it is noted that those various 
encryption/decryption levels could be public key or non-public key systems, for example. 

While the invention has been described in regard to increasing security of 
a system by way of changing encryption/decryption levels, it should be understood that 

20 the invention is also applicable to changes in the level of authentication used in a 

transmission system. Thus, where the invention has been described above as a system for 
protecting privacy by way of encryption and decryption, it should also be understood to 
apply to changing, for example, digital signature requirements, as a way of changing 
authentication levels. Furthermore, it should be understood that changes in both 

25 encryption/decryption and authentication levels can be accomplished with the invention. 

Furthermore, where the invention has been described as being 
accomplished by a processor executing code, it should be understood that the invention 
may also be accomplished by various combinations of hardware and software, e.g.: 
individual hardware components; hardware controlled by software; a combination of 

30 hardware and software; or even software alone. Thus, as one example, hardware distinct 
from the processor could be utilized to encrypt an MPEG-2 transport stream while a 
processor performs other encryption duties. 

In addition to embodiments where the invention is accomplished by 
hardware, it is also noted that these embodiments can be accomplished through the use of 

8 
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an article of manufacture comprised of a computer usable medium having a computer 
readable program code embodied therein, which causes the enablement of the functions 
and/or fabrication of the hardware disclosed in this specification. For example, this might 
be accomplished through the use of hardware description language (HDL), register 
5 transfer language (RTL), VERILOG, VHDL, or similar programming tools, as one of 
ordinary skill in the art would understand. Therefore, it is desired that the embodiments 
expressed above also be considered protected by this patent in their program code means 
as well. 

It is also noted that many of the structures and acts recited herein can be 
1 0 recited as means for performing a function or steps for performing a function, 

respectively. Therefore, it should be understood that such language is entitled to cover all 
such structures or acts disclosed within this specification and their equivalents. 

It is thought that the apparatuses and methods of the embodiments of the 
present invention and many of its attendant advantages will be understood from this 
1 5 specification and it will be apparent that various changes may be made in the form, 

construction and arrangement of the parts thereof without departing from the spirit and 
scope of the invention or sacrificing all of its material advantages, the form herein before 
described being merely exemplary embodiments thereof. 
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WHAT IS CLAIMED IS: 

1 1 . A method of providing varying levels of security in a data 

2 processing system, the method comprising: 

3 receiving information from an outside source; 

4 retrieving an indicator from the received information that instructs the 

5 system to operate at a higher level of security; 

6 preventing operation at a lower level of security xmtil information is 

7 received by the system to authorize a decrease in security levels. 

1 2. The method of claim 1 and further comprising: 

2 receiving an encrypted message, said encrypted message comprising a 

3 Decreased-Security- Authorization-Code to authorize said decrease in security levels. 

1 3. The method of claim 2 wherein said Decreased-Security- 

2 Authorization-Code authorizes a decrease in encryption/decryption levels. 

1 4. The method of claim 2 wherein said Decreased-Security- 

2 Authorization-Code authorizes a decrease in authentication level. 

1 5. The method of claim 2 wherein said Decreased-Security- 

2 Authorization-Code authorizes a decrease in authentication level and a decrease in 

3 encryption/decryption levels. 

1 6. The method of claim 2 wherein said encrypted message further 

2 comprises a key for use in a decryption algorithm. 

1 7. The method of claim 6 wherein said system stores a master key to 

2 decrypt messages comprising new decryption key values and further comprising: 

3 using said master key stored at said system to decrypt said encrypted 

4 message. 

1 8. The method of claim 1 and further comprising: 

2 establishing a Security-Level-Status-Indicator at said system to indicate a 

3 level of security that is being implemented by the system. 
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1 9. The method of claim 8 wherein said Security-Level-Status- 

2 Indicator indicates a level of encryption/decryption that is being implemented by the 

3 system 

1 10. The method of claim 8 wherein said Security-Level-Status- 

2 Indicator indicates a level of authentication that is being implemented by the system. 

1 II. The method of claim 8 wherein said Security-Level-Status- 

2 Indicator indicates a level of authentication and a level of encryption/decryption that is 

3 being implemented by the system. 

1 12. The method of claim 8 and further comprising: 

2 configuring said Security Level Status Indicator to indicate more than two 

3 security levels so as to allow said system to utilize more than two security levels. 

1 13, The method of claim 1 and further comprising: 

2 utilizing a cable head-end as said outside source. 

1 14. The method of claim 2 and further comprising using a Key 

2 Management Message to convey said Decreased Security Authorization Code. 

1 15. The method of claim 14 wherein delivery of said Key Management 

2 Message is authenticated 

1 16. The method of claim 14 wherein delivery of said Key Management 

2 Message is protected against a replay attack. 

1 1 7. The method of claim 14 wherein delivery of said Key Management 

2 Message is authenticated and protected against a replay attack. 

1 18. The method of claim I wherein a lower level of security is non- 

2 public Key mode, wherein a higher level of security is a public Key mode, the method 

3 further comprising: 

4 continuing operation of the system in the public Key mode until an 

5 encrypted predefined message is received by the system from the outside source. 
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1 19. The method of claim 1 8 wherein said system stores a master key to 

2 decrypt messages comprising new decryption key values and further comprising: 

3 using said master key stored at said system to decrypt said encrypted 

4 message. 

1 20. A method of providing a secure transition between security levels 

2 in a data processing system, the data processing system having at least a high level of 

3 security and a low level of security for operation, the method comprising: 

4 using the system to receive information from an outside source; 

5 operating the system at the high level of security; 

6 continuing operation of the system at the high level of security until an 

7 encrypted authorization message is received by the system from the outside soTirce 

8 authorizing a switch to a different level of security. 

1 21. A cryptographic device comprising: 

2 an input to receive a datastream; 

3 a Security -Level-Status-Indicator; and 

4 code means for executing a cryptographic algorithm wherein said 

5 cryptographic algorithm is indicated by said Security-Level-Status-Indicator. 

1 22. The device as described in claim 21 wherein said code means for 

2 executing a cryptographic algorithm comprises code means for executing a high level 

3 cryptographic algorithm and code means for executing a low level cryptographic 

4 algorithm relative to said high level cryptographic algorithm. 

1 23. The device of claim 22 wherein said high level cryptographic 

2 algorithm comprises a high level decryption algorithm and wherein said low level 

3 cryptographic algorithm comprises a low level decryption algorithm. 

1 24. The device of claim 22 wherein said high level cryptographic 

2 algorithm comprises a high level authentication algorithm and wherein said low level 

3 cryptographic algorithm comprises a low level authentication algorithm. 

1 25. The device of claim 22 wherein said high level cryptographic 

2 algorithm comprises a high level decryption algorithm and a high level authentication 
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3 algorithm and wherein said low level cryptographic algorithm comprises a low level 

4 decryption algorithm and a low level authentication algorithm. 

1 26. The device as described in claim 22 wherein said high level 

2 cryptographic algorithm is a public Key encryption algorithm and wherein said low level 

3 cryptographic algorithm is a non-public Key encryption algorithm. 

1 27. The device as described in claim 21 and further comprising code 

2 means for decrypting a Decreased Security Authorization Code. 

1 28. The device as described in claim 27 and further comprising code 

2 means for preventing a replay attack in delivery of said Decreased-Security- 

3 Authorization-Code. 

1 29. The device as described in claim 27 and further comprising a 

2 master key to use in decrypting said Decreased Security Authorization Code. 

1 30. The device as described in claim 21 wherein said Security Level 

2 Status Indicator is encrypted. 

1 3 1 . A method of processing data comprising: 

2 providing a receiver to receive a transmission; 

3 establishing a Security-Level-Status-Indicator at said receiver; 

4 establishing a first level of decryption at said receiver; 

5 encrypting a first message at a first level of encryption; 

6 transmitting said first message to said receiver at said first level of 

7 encryption; 

8 receiving said first message at said receiver; 

9 decrypting said first message encrypted at said first level of encryption; 

10 transmitting a Decreased-Security- Authorization Code to change firom said 

1 1 first level of decryption to a second level of decryption; 

12 receiving said Decreased-Seciority- Authorization-Code; 

1 3 determining a change in encryption level from said first level of encryption 

14 to said second level of encryption; 

1 5 adjusting said Security-Level-Status-Indicator at said receiver; 

16 encrypting a second message at said second level of encryption; 
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1 7 transmitting said second message at said second level of encryption; 

1 8 receiving said second message at said receiver; and 

1 9 decrypting said second message at said receiver. 

1 32. An apparatus for processing data comprising: 

2 a receiver to receive a transmission; 

3 a Security -Level-Status-Indicator stored in said receiver; 

4 first decryption code stored in said receiver for use in decrypting said 

5 transmission when encrypted at a first encryption level; 

6 a transmitter to transmit said transmission; 

7 first encryption code stored in said transmitter to encrypt a message at said 

8 first encryption level; 

9 code means for transmitting a Decreased-Security- Authorization-Code 

1 0 from said transmitter to said receiver so as to change fi-om said first level of encryption to 

1 1 a second level of encryption; 

] 2 second decryption code stored in said receiver for use in decrypting said 

] 3 transmission when encrypted at said second level of encryption; and 

1 4 second encryption code stored in said transmitter to encrypt at said second 

] 5 encryption level. 



14 



Client Reference No.: D2301 



SECURE CONTROL OF SECURITY MODE 

ABSTRACT OF THE DISCLOSURE 
A system to change secvirity levels is used to change the level of secxirity used 
in a secured processing system. The system uses a status indicator to designate the security 
5 level being implemented. The security level can be upgraded to allow a higher level of 
security to be implemented v^ith relative ease. However, in order to change from a higher 
level of security to a lower level of security, an authorization code is utilized to confirm that 
the change in security is authorized. 

10 DE 7001426 vl 
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DECLARATION 

As a below named inventor, I declare that: 

My residence, post office address and citizenship are as stated below next to my name; 1 believe I am the original, fu-st and sole 
inventor (if only one name is listed below) or an original, first and joint inventor (if plural inventors are named below) of the subject 
matter which is claimed and for which a patent is sought on the invention entitled: SECURE CONTROL OF SECURITY MODE 

the specification of which X is attached hereto or was filed on as Application No. and 

was amended on (if applicable). 

I have reviewed and understand the contents of the above identified specification, including the claims, as amended by any 
amendment referred to above. I acknowledge the duty to disclose information which is material to patentability as defined in Title 37, 
Code of Federal Regulations, Section 1.56. I claim foreign priority benefits under Title 35, United States Code, Section 119 of any 
foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent 
or inventor's certificate having a filing date before that of the application on which priority is claimed. 

Prior Foreig n Application(s) 



Country 


Application No. 


Date of Filuig 
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J hereby claim the benefit under Title 35, United States Code § 1 19(e) of any United States provisional application(s) listed below: 



Application No. 


Filing Date 


60/138,163 


June 8, 1999 



I claim the benefit under Title 35, United States Code, Section 120 of any United States application(s) listed below and, insofar as the 
subject matter of each of the claims of this application is not disclosed in the prior United States application in the maimer provided by 
the fu-st paragraph of Titie 35, United States Code, Section 1 12, 1 acknowledge the duty to disclose material information as defined in 
Title 37, Code of Federal Regulations, Section 1.56 which occiuxed between the filing date of the prior application and the national or 
PCT mtemational filing date of this application: 



Application No. 


Date of Filing 


Status 









Full Name of 
Inventor 1: 


Last Name: 
QIU 


First Name: 
XIN 


Middle Name or Initial: 


Residence & 
Citizenship: 


City: 

San Diego 


State/Foreign Country: 

California 


Country of Citizenship: 

United States 


Post Office 
Address: 


Post Office Address: 

10529 Harvest View Way 


City: 

San Diego 


State/Country: 
California 


Postal Code: 
92128 


Full Name of 
Inventor 2: 


Last Name: 
SPRUNK 


First Name: 
ERIC 


Middle Name or Initial: 
J. 


Residence & 
Citizenship: 


City: 

Carlsbad 


State/Foreign Country: 
California 


Country of Citizenship: 
United States 


Post Office 
Address: 


Post Office Address: 
6421 Cayenne Lane 


City: 

Carlsbad 


State/Country: 

California 


Postal Code: 

92009 
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Full Name of 


Last Name: 


First Name: 


Middle Name or Initial: 


Inventor 3: 


MORONEY 


PAUL 






Residence & 


City: 


State/Foreign Country: 


Country of Citizenship: 


Citizenship: 


Olivenhaln 


Caiifornia 


United States 




Post Office 


Post Office Address: 


City: 


State/Country: 


Postal Code: 
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3411 Western Springs Road 


Olivenhaln 


California 


92024 



I ftirther declare that all statements made herein of my own knowledge are true and that all statements made on information and belief 
are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so 
made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code, and that such willful 
false statements may jeopardize the vaHdity of the application or any patent issuing thereon. 
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